I am developing a j2me application and i am extremely concerned about the security
and encryption of data. I am planning to implement this using the https implementation
of java for MIDP2.0 profile and cldc1.1 configuration.
My question concerns how exactly the kvm performs the https negotiation beetween the sever
and the client and particularly if the client sends a certificate, so the sever knows that
the request is from a valid source.
Lets examine the following scenario:
I have a digitally signed Midlet and i have a https server with a valid certificate.The Midlet
performs a https connection with the server.During the "handshake" client and server exchange
some messages so they can authenticate each other.
I know that server's Certificate is used and client can authenticate that server is a trusted source.
Does this happen also from client side? Meaning that the client Midlet is using it's own certificate?
What certificate? Does the programmer have to implement/materialize anything or this is done
automatically and transparently from kvm?